You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by nc...@apache.org on 2017/02/17 22:06:30 UTC
[31/50] [abbrv] ambari git commit: AMBARI-20049. One way SSL fallback
logic can cause some agents to be connected with 2-way SSL (aonishuk)
AMBARI-20049. One way SSL fallback logic can cause some agents to be connected with 2-way SSL (aonishuk)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4eaec8ea
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4eaec8ea
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4eaec8ea
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 4eaec8eab5175303d8ba39439ac60f3deec25f19
Parents: ab53946
Author: Andrew Onishuk <ao...@hortonworks.com>
Authored: Thu Feb 16 17:36:27 2017 +0200
Committer: Andrew Onishuk <ao...@hortonworks.com>
Committed: Thu Feb 16 17:36:27 2017 +0200
----------------------------------------------------------------------
.../src/main/python/ambari_agent/security.py | 17 +++++------------
.../src/test/python/ambari_agent/TestSecurity.py | 2 ++
2 files changed, 7 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/4eaec8ea/ambari-agent/src/main/python/ambari_agent/security.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/security.py b/ambari-agent/src/main/python/ambari_agent/security.py
index 72ae954..45de7bb 100644
--- a/ambari-agent/src/main/python/ambari_agent/security.py
+++ b/ambari-agent/src/main/python/ambari_agent/security.py
@@ -55,18 +55,11 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
'Server require two-way SSL authentication. Use it instead of one-way...')
if not self.two_way_ssl_required:
- try:
- sock = self.create_connection()
- self.sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_NONE)
- logger.info('SSL connection established. Two-way SSL authentication is '
- 'turned off on the server.')
- except (ssl.SSLError, AttributeError):
- self.two_way_ssl_required = True
- logger.info(
- 'Insecure connection to https://' + self.host + ':' + self.port +
- '/ failed. Reconnecting using two-way SSL authentication..')
-
- if self.two_way_ssl_required:
+ sock = self.create_connection()
+ self.sock = ssl.wrap_socket(sock, cert_reqs=ssl.CERT_NONE)
+ logger.info('SSL connection established. Two-way SSL authentication is '
+ 'turned off on the server.')
+ else:
self.certMan = CertificateManager(self.config, self.host)
self.certMan.initSecurity()
agent_key = self.certMan.getAgentKeyName()
http://git-wip-us.apache.org/repos/asf/ambari/blob/4eaec8ea/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/test/python/ambari_agent/TestSecurity.py b/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
index 9e28ae7..c9a7fbe 100644
--- a/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
+++ b/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
@@ -102,6 +102,8 @@ class TestSecurity(unittest.TestCase):
wrap_socket_mock.side_effect=ssl.SSLError()
connection = security.VerifiedHTTPSConnection("example.com",
self.config.get('server', 'secured_url_port'), self.config)
+ self.config.isTwoWaySSLConnection = MagicMock(return_value=True)
+
connection._tunnel_host = False
connection.sock = None
try: